Linux – Page 2 – More Zonkyness

Amazing Command-Line Tools: The Pipe

Jul 232022

I was following one of those Twitter threads posting their favourite command-line tools (specifically for infosec), and added my own entry – the incomparable tshark. Later it occurred to me that the best command-line tool isn’t really a tool at all as it is built into the shell – the pipe. Many of the command-line tools just wouldn’t be quite the same without it.

For those who aren’t familiar with the command-line, the pipe (“|”) takes the output of one command and feeds it as input to another command. And you can string such pipelines together to add to each other (which can lead to inefficiencies).

For example :-

» ls | wc -l
84

This takes the usual command for listing files and sends the output into the “word count” command to produce a count of the number of files in the current directory. To be more precise, it produces a count of the number of files that ls thinks is in the directory. You can get different results with different variations :-

» echo * | wc -w
89
» ls -a | wc -l
463

If you had a log file containing DHCP requests you could :-

» grep DHCPDISCOVER 2022.07.local0.info.log | head
2022-06-30T23:59:05+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1
2022-07-01T01:30:04+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1
2022-07-01T02:53:33+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from DF:69:AF:DC:79:3E via eth0
2022-07-01T02:53:33+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from DF:69:AF:DC:79:3E via 10.0.0.1
2022-07-01T02:53:39+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from a8:a6:48:92:9d:36 via eth0
2022-07-01T03:01:03+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1
2022-07-01T04:32:02+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1
2022-07-01T04:56:53+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 91:06:27:15:EF:DC via 10.72.0.1
2022-07-01T06:03:01+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1
2022-07-01T07:34:00+00:00 <local0.info> 2001:db8:bad:cafe::b/d-FCB dhcpd: DHCPDISCOVER from 4D:6D:4F:55:59:B4 (esp32-D04CCC) via 10.72.0.1

List out the first few DHCP DISCOVER requests (the astute may notice that I’ve done some obfuscating). We can then pick out a field using awk to list just the MAC addresses :-

» grep DHCPDISCOVER 2022.07.local0.info.log | awk '{print $7}' | head
4D:6D:4F:55:59:B4
4D:6D:4F:55:59:B4
DF:69:AF:DC:79:3E
DF:69:AF:DC:79:3E
a8:a6:48:92:9d:36
4D:6D:4F:55:59:B4
4D:6D:4F:55:59:B4
91:06:27:15:EF:DC
4D:6D:4F:55:59:B4
4D:6D:4F:55:59:B4

We can then remove the “head” command and add a sort and uniq command to produce a full list of all MAC addresses that have performed a DHCP DISCOVER :-

» grep DHCPDISCOVER 2022.07.local0.info.log | awk '{print $7}' | sort | uniq -c
      4 DF:69:AF:DC:79:3E
      3 89:C1:67:B8:9D:6F
      6 F3:55:1E:06:D4:49
      4 F3:55:1E:06:D4:48
     12 4D:6D:4F:55:59:B3
     92 91:06:27:15:EF:DC
     46 85:2C:B4:B3:70:7E
    333 4D:6D:4F:55:59:B4
      2 40:5B:D8:FF:FA:29
     72 FD:D4:00:41:29:BE
      5 36:1E:07:2D:AD:76
     41 44:FD:6E:05:82:21
     81 CC:78:14:BB:E4:3D

We can sort the result into reverse numerical order :-

» grep DHCPDISCOVER 2022.07.local0.info.log | awk '{print $7}' | sort | uniq -c | sort -r -n
    333 4D:6D:4F:55:59:B4
     92 91:06:27:15:EF:DC
     81 CC:78:14:BB:E4:3D
     72 FD:D4:00:41:29:BE
     46 85:2C:B4:B3:70:7E
     41 44:FD:6E:05:82:21
     12 4D:6D:4F:55:59:B3
      6 F3:55:1E:06:D4:49
      5 36:1E:07:2D:AD:76
      4 F3:55:1E:06:D4:48
      4 DF:69:AF:DC:79:3E
      3 89:C1:67:B8:9D:6F
      2 40:5B:D8:FF:FA:29

And if you have access to the relevant script, you can produce terminal graphics (just to keep innumerate managers happy) :-

» grep DHCPDISCOVER 2022.07.local0.info.log | awk '{print $7}' | sort | uniq -c | sort -r -n | awk '{print $2, $1}' | tbar --replace 1 --max 350
4D:6D:4F:55:59:B4 ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
91:06:27:15:EF:DC ■■■■■■■■■■■■■■■
CC:78:14:BB:E4:3D ■■■■■■■■■■■■■■
FD:D4:00:41:29:BE ■■■■■■■■■■■■
85:2C:B4:B3:70:7E ■■■■■■■
44:FD:6E:05:82:21 ■■■■■■■
4D:6D:4F:55:59:B3 ■■
F3:55:1E:06:D4:49 ■
36:1E:07:2D:AD:76 
F3:55:1E:06:D4:48 
DF:69:AF:DC:79:3E 
89:C1:67:B8:9D:6F 
40:5B:D8:FF:FA:29

The pipe isn’t so much a tool itself as a mechanism to combine tools into producing interesting results.

Shell Alias May Be Dangerous

Computing, Linux 0 Comments

Jul 132022

Not all shell aliases of course, but some. I’ve just seen a youtube video that suggested creating a shell alias to run rmtrash when rm is invoked :-

alias rm='rmtrash'

Seems sensible enough doesn’t it? This is in fact the classic example of how dangerous shell aliases can be, although the classic example was to turn on “-i” :-

alias rm='rm -i'

The problem is that you get used to “rm” being safe – either it asks before it removes files (“-i”) or it safely preserves what is deleted in the Trash folder. But what happens when the alias doesn’t get created? Perhaps you have a broken .zshrc and Zsh stops interpreting before the alias is declared. Or you’ve logged on to a remote server that doesn’t have your .zshrc installed as yet?

All of a sudden you are running the unadulterated rm command – deleting files without being asked, or preserving them in the Trash folder. See the danger now?

It is better not to replace standard commands but create a new ‘command’ :-

alias del="rmtrash"

Perhaps you regard this as being excessively risk averse – fair enough. But just don’t say you weren’t warned – and I’ve encountered missing aliases every year over the last 30-odd years I’ve been using Linux and Unix.

When Is a Command-Line Application Not?

Computing, Linux 0 Comments

Jun 022022

It sometimes seems that every time I dive into a Youtube video promising “${N} Awesome CLI Applications” (or equivalent), that most of the suggested applications are not command-line applications. They’re TUI-applications – text user interface as opposed to graphical user interface – or to align with my bad habit of referring to GUI applications as gooey applications, perhaps tooey applications.

Now there’s nothing wrong with tooey applications; I use them every day. Especially nmon (just because I got used to it before I discovered htop). Or btop

But none of these are really command-line applications; by which I mean they aren’t used at the command-line even if they are (optionally) invoked there. A command-line application allows you to use the shell including pipes to produce an aggregate result. For example :-

» grep mike /etc/passwd | awk -F: '{print $5}'
Mike Meredith

That uses two command-line “applications” to turn a username (“mike”) into a full name (“Mike Meredith”). Yes it can be optimised into a single command :-

» awk -F: '/^mike:/ {print $5}' /etc/passwd
Mike Meredith

… which even improves the search, but makes the point less well. And we can do slightly fancier things too :-

Screenshot of a random URL being picked and turned into a QR code.

(don’t assume that QR code takes you somewhere nice)

I’m not suggest Youtubers should stop making videos about terminal-based applications; I’m not even suggesting they should concentrate on “proper” command-line applications. Just don’t call terminal-based applications “command-line” because they really are not.

Linus’ Linux Travails

Computing, Linux 0 Comments

Nov 112021

If you follow a certain Linux on Youtube, you may well be aware of an incident where Linus was trying to install Steam on a newly installed copy of Pop_OS! and managed to produce a bit of a mess without a desktop environment. What happened?

I think that when he encountered a problem installing Steam with the gooey, he then obtained a command-line “recipe” for installing Steam – potentially for a different distribution (it certainly mentioned removing lots of “stuff” including gnome-desktop).

Is this a problem with Linus being a bit of an idiot or Linux being a bit broken? A bit of both perhaps.

Linus’ idiocy is perhaps an example of a little knowledge being a dangerous thing – he mentioned being comfortable with using the command-line, but would admit that he doesn’t understand everything that goes on within it (to be fair, nobody understands everything even those who’ve been using the Linux command-line for over 20 years). And certainly when apt said “To install this package, I’m going to remove this long list of other packages”, the appropriately cautious should be saying “No” (and yes there is a prompt to allow you to do that).

The Linux command-line follows the principle that if the human wielding it wants to do something dumb, it may warn you but it will let you do whatever you want. That’s handy but scary and dangerous.

Now most users will likely veer away from the command-line – this is where Linus was a bit of an idiot – at least until they have a bit more experience. But perhaps those who make distributions should make the danger a bit more dangerous by adding a warning when opening the terminal (added to ~/.profile so we can remove an unnecessary warning) :-

WARNING !!!!

The command-line can be dangerous if you are not careful. Pasting in "recipes" found on the Internet for solutions to issues can result in serious damage to your Linux installation requiring re-installation.

In particular a recipe should be specific to your distribution and the version of the distribution you are running.

When looking for solutions on the Internet, always bear in mind that there are idiots out there who will publish “solutions” that are anything but. As mentioned in my hypothetical warning, recipes are very often (especially when dealing with software installation) specific to a particular distribution and version – use it inappropriately and you may well run into serious trouble.

On the subject of gooeys, it would be handy to include a “Solutions” link when an error occurs in a software package manager that takes you to a web page specific to the package you are trying to install. Encounter trouble installing “Steam 6.23”? The solutions link might take you to a page saying “This package is out of date; please run Update”. This would allow links to be specific to the distribution and version in use – a lot more helpful than simply expecting the user to search the Internet for a solution.

My Random Password Generator

Computing, Linux, Security 0 Comments

Nov 062021

Someone asked me about this – a zsh function which I use to generate random passwords :-

✓ mike@pica» rpass noise
oOg6vsM+V0It4he6US4Xk6DuZPja9okyOpQyUCfW6NQ=
✓ mike@pica» rpass words
patternmaker+meio+tubicolous+misbelievingly

It’s too small and simple for me to classify as “open source” but there’s no harm in sharing the function :-

✓ mike@pica» which rpass
rpass () {
	case "$1" in
		("noise") dd if=/dev/random bs=1 count=32 status=none | base64 -i ;;
		("words") punct=("," "." "<" ">" "/" ";" ":" "-" "+" "=") 
			onep=${punct[$(($RANDOM % ${#punct[@]} + 1 ))]} 
			w1=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w2=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w3=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			w4=$(shuf -n 1 /usr/share/dict/words | sed -e "s/'.*$//") 
			echo "${w1}${onep}${w2}${onep}${w3}${onep}${w4}" ;;
		("*") echo $1 not understood ;;
	esac
}

This is just a simple zsh function with all sorts of little “issues” – not least is that it could at least say “$1 not understood – try ‘words’ or ‘noise'”.

Older Entries Newer Entries